site-accueil-insa/admin/gestion_des_acces.php

<?php
include "script.php";

if($user['perm'] < 3) {
	header('Location: deco.php');
}

if(isset($_GET['del']) AND !empty($_GET['del']))
{
	if($user['perm'] >= 3) {
		$del = (int) htmlspecialchars($_GET['del']);

		if($del != 1) {
			$req = $db->prepare('DELETE FROM admin WHERE id =?');
			$req->execute(array($del));
			header('Location: gestion_des_acces.php');
		} else {
			$error = "On ne peut pas suprimer le superutilisateur sauf manuellement dans la base de données !";
		}
	}
}

if(isset($_GET['gda']) AND !empty($_GET['gda']))
{
	if($user['perm'] >= 3) {

		$gda = (int) htmlspecialchars($_GET['gda']);

		if($gda != 1) {
			$req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
			$req->execute(array(0,$gda));
			header('Location: gestion_des_acces.php');
		} else {
			$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
		}
	}
}

if(isset($_GET['ville']) AND !empty($_GET['ville']))
{
	if($user['perm'] >= 3) {

		$ville = (int) htmlspecialchars($_GET['ville']);

		if($ville != 1) {
			$req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
			$req->execute(array(1,$ville));
			header('Location: gestion_des_acces.php');
		} else {
			$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
		}
	}
}

if(isset($_GET['bur']) AND !empty($_GET['bur']))
{
	if($user['perm'] >= 3) {

		$bur = (int) htmlspecialchars($_GET['bur']);

		if($bur != 1) {
			$req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
			$req->execute(array(2,$bur));
			header('Location: gestion_des_acces.php');
		} else {
			$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
		}
	}
}

if(isset($_GET['adm']) AND !empty($_GET['adm']))
{
	if($user['perm'] >= 3) {

		$adm = (int) htmlspecialchars($_GET['adm']);
		
		if($adm != 1) {
			$req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
			$req->execute(array(3,$adm));
			header('Location: gestion_des_acces.php');
		} else {
			$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
		}
	}
}


if(isset($_POST['send'])) {
	if(isset($_POST['pseudo']) AND !empty($_POST['pseudo']) AND isset($_POST['perm']) AND !empty($_POST['perm'])) {

		if($user['perm'] >= 3) {
			$pseudo = htmlspecialchars($_POST['pseudo']);
			$perm = htmlspecialchars($_POST['perm']);

			switch ($perm) {
			case "v0":
				$perm_int = 0;
				break;
		    case "v1":
		    	$perm_int = 1;
		        break;
		    case "v2":
		    	$perm_int = 2;
		        break;
		    case "v3":
		    	$perm_int = 3;
		        break;
			}

			if(strlen($pseudo) <= 50) {
				$req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
	            $req->execute(array($pseudo));
	            $pseudo_exist = $req->rowCount();
	            if ($pseudo_exist == 0) {
					$req = $db->prepare("INSERT INTO admin(pseudo, perm) VALUES(?, ?)");
					$req->execute(array($pseudo, $perm_int));
					header('refresh:0');
				} else {
					$error = "pseudo déja utilisé";
				}
			} else {
				$error = "le pseudo ne doit pas dépasser 50 char";
			}
		}
	} else {
		$error = "Tout les champs doivent être complétés";
	}
}
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Admin / Accès</title>
</head>
<body>
	<main>
		<form method="POST">
			<input type="text" placeholder="identifiant INSA" name="pseudo" class="input_inline">
			<select name="perm" class="input_inline">
				<option value="v0">GDA - Perm 0</option>
				<option value="v1">Ville/Photo - Perm 1</option>
				<option value="v2">Bureau - Perm 2</option>
				<option value="v3">Admin - Perm 3</option>
			</select>
			<input type="submit" name="send" value="Creer l'acces" class="submit_inline">
		</form>
		<?php
		if(isset($error)) {
			echo "<font color='red'>".$error."</font>";
		}
		?>
		<br><br>
		<table class="acces">
			<tr>
				<th width="10%">ID (db)</td>
				<th width="40%">Identifiant INSA</td>
				<th width="40%">Perm</td>
				<th width="10%">Actions</td>
			</tr>
			<?php
			$req = $db->query('SELECT id, pseudo, perm FROM admin');
			while($admin = $req->fetch()) {
			?>
				<tr>
					<td><?= $admin['id'] ?></td>
					<td><?= $admin['pseudo'] ?></td>
					<td><?php
						switch ($admin['perm']) {
						case 0:
							echo "<a href='?ville=".$admin['id']."'><font color='green'>GDA</font></a>";
							break;
					    case 1:
							echo "<a href='?bur=".$admin['id']."'><font color='#3498DB'>Ville/Photo</font></a>";
							break;
					    case 2:
							echo "<a href='?adm=".$admin['id']."'><font color='orange'>Bureau</font></a>";
					        break;
					    case 3:
					        echo "<a href='?gda=".$admin['id']."'><font color='red'>Admin</font></a>";
					        break;
						}
					?></td>
					<td><?php
					if($admin['id'] == 1) {
						echo "<font color='red'>none</font>";
					} else {
						echo '<a href="?del='.$admin["id"].'" class="cross">X</a>';
					}
					?></td>
				</tr>
			<?php } ?>
		</table>
	</main>
</body>
</html>